[gdal-dev] OGC services and credentials
Laurențiu Nicola
lnicola at dend.ro
Tue Oct 29 07:17:31 PDT 2024
Hi,
It's unlikely to be a problem for you, but credential passing via command-line arguments is considered an anti-pattern because they're visible by other users who might be looking at the running process list. Environment variables are better because other users can't inspect them.
Of course, this is arguably even less relevant in today's container/k8s world, and config options are awkward when you need to open multiple datasets from different sources.
Laurentiu
On Tue, Oct 29, 2024, at 14:53, Michał Kowalczuk via gdal-dev wrote:
> Hi GDAL friends!
>
> Why service credentials (username & password) can not be entered with open options (*-oo UserPwd=user:pass*) when working with OGC services (tested against WMS)?
>
> I know there is a config option *GDAL_HTTP_USERPWD=value* but it's not clean solution in my opinion. Credential should be related to and owned by the dataset not the global environmental variable. What if I use more than one services that need credentials?
>
> I know there is a "UserPwd" XML tag when using xml as an open path, but this limits the use of other open methods (https://gdal.org/en/latest/drivers/raster/wms.html#xml-description-file).
>
> So, the following returns dataset info
> *gdalinfo "WMS:sample_wms_service?request=getcapabilities&service=wms" *--config GDAL_HTTP_USERPWD=user:pass**
>
> and the following:
> *gdalinfo "WMS: sample_wms_service?request=getcapabilities&service=wms" *-oo UserPwd=user:pass**
> returns error:
> *ERROR 1: HTTP error code : 401
> ERROR 1: Error returned by server : HTTP error code : 401 (0)
> gdalinfo failed - unable to open* ...
>
> Unfortunately, I can not share the sample service and it's credentials, but it is not needed for answer my general question.
>
> Thank you in advance for your interest in the problem
> Michał Kowalczuk
> _______________________________________________
> gdal-dev mailing list
> gdal-dev at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/gdal-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/gdal-dev/attachments/20241029/b79845e2/attachment.htm>
More information about the gdal-dev
mailing list